<%@ page import="java.sql.*"%>
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%
String username = request.getParameter("username");
String userpwd =  request.getParameter("userpwd");
if(username.indexOf("'")>=1){
	out.println("非法注入！");
	return;
}
 	Class.forName("com.mysql.jdbc.Driver");
 	Connection conn = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/test","root","123456");
 	Statement sql = conn.createStatement();
 	ResultSet rs1 = sql.executeQuery("select * from blackjuly where name='"+ username +"' and password='" + userpwd + "'");
 	if(!rs1.next()){
 		response.sendRedirect("Error\\Nouser.html");
 		return;
 	}
	int rs = sql.executeUpdate("delete from blackjuly where name='" + username + "'");
	conn.close();
	sql.close();
	out.println("删除成功!");
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>删除状态</title>
  </head>
  
  <body>

  </body>
</html>